Versions Compared

Old Version 4

changes.mady.by.user Šárka Portešová (Unlicensed)

Saved on

compared with

New Version 5

changes.mady.by.user Šárka Portešová (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

ProxyIdP offers a more secure way of authentication on top of passwords – the so-called Multi-Factor Authentication (MFA). Once activated, an additional form of authentication is required in addition to the required password, for example in the form of a verification code. This function makes it more difficult for potential attackers to misuse someone else’s account.

...

About ProxyIdP Multi-Factor Authentication 🔴 How to set up Multi-Factor Authentication🔴

Info

Within ProxyIdP MFA, the verification code method (TOTP) must be set first.
Subsequently, a security key (WebAuthn) can be used together with the verification codes.

Expand
titleComparison of signing in methods

Passwords

Verification codes (TOTP)

Security keys (WebAuthn)

Protection against misuse of stolen passwords

Protection against guessing of passwords

Protection against simple phishing

Protection against advanced phishing

Availability on all IT devices

Expand
titleGlossary

Multi-factor authentication

Identity verification using two or more authentication factors (e.g. something I know + something I have).

Security key

Usually a physical or a virtual device used for identity verification based on a secret key.

Verification codes

One-time codes with limited time validity, generated by an authentication app, e.g. Aegis.

Recovery codes

One-time codes which can be generated during initial setup and saved or printed. They can be used to authenticate in case of losing all other authentication devices.

Tokens

Means of authentication other than a password or a PIN, including security keys, verification codes and recovery codes.

...

Security keys offer maximum levels of security, it authenticates the device using so-called "asymmetric cryptography". A computer or smartphone can be used as a security key if it supports this function (if you are not sure, you can test your device here). When logging in, depending on the type of your device you need to either confirm a notification, use your fingerprint or facial recognition.

...

Adding the first token automatically sets up Multi-Factor Authentication for all IT services under MUNI Unified Login. Managing for which services multi-factor authentication is enabled is possible in the 🔴 User Profile for managing selected services🔴 .

Backup codes for restoring access

As a part of the initial set up of Multi-Factor Authentication, a set of backup codes is generated. These are used in case all registered devices are lost and access has to be restored. The codes can be saved in PDF or printed out.

...

Otázky:

Je něco i na perunu jako: (if you are not sure, you can test your device here).?